Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 56a9b37d0e8436a0…

MALICIOUS

Office (OLE) / .XLS

535.5 KB
Created: 2002-06-06 01:19:14
Authoring application: Microsoft Excel
MD5: b3f5c7206202a26c1453be4f19b6ebb0
SHA-1: 9680594aa1f221e745179a07eebd86a589079883
SHA-256: 56a9b37d0e8436a04859f1e7baea9b2b8ef9ec8e9fa1882d0673f8f66959b023
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' directly identifies this file as a legacy Excel formula macro virus, specifically mentioning 'Classic.Poppy by VicodinES' and 'The Narkotic Network'. The document body confirms this: it contains embedded script-like comments detailing the infection mechanism, including saving itself as 'Book1.xls' in the Excel startup directory. The virus's intent is to infect other workbooks.

Heuristics (1)

  • Legacy Excel formula macro virus marker [critical] (OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.